Methods, apparatuses, and devices for transferring data assets based on blockchain

ABSTRACT

Embodiments of the present specification disclose methods, apparatuses, and devices for transferring data assets based on a blockchain. One method includes: obtaining usage demand information of a data requestor for using original data, wherein the usage demand information indicates a demand of the data requestor for performing computations based on the original data; sending a usage authorization request for the original data to a data owner of the original data based on a decentralized identifier (DID) corresponding to the original data; receiving confirmation information of the usage authorization request from the data owner; processing the original data based on the usage demand information to obtain a processing result; transmitting the processing result to the data requestor; and generating a verifiable claim (VC) for recording usage information of the original data.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to Chinese Patent Application No.202010969238.0, filed on Sep. 15, 2020, which is hereby incorporated byreference in its entirety.

TECHNICAL FIELD

The present application relates to the field of blockchain technologies,in particular, to methods, apparatuses, and devices for transferringdata assets based on a blockchain.

BACKGROUND

Data plays an increasingly important role in the existing technology.For example, diagnostic data in a medical record of a user may beconsidered as valuable data by medical research institutions, and themedical research institutions are willing to pay the user to purchasethe data of the user for study of medical research technologies. It canbe seen from the previous example that some data is highly valuable andcan be processed as assets.

However, in the existing technology, there is no complete data assettransfer solution available yet.

SUMMARY

Embodiments of the present specification provide methods, apparatuses,and devices for transferring data assets based on a blockchain, toalleviate a problem that security of a data asset transfer processcannot be ensured and the data asset transfer process cannot be recordedin the existing methods for transferring data assets.

To alleviate the previous technical problem, the embodiments of thepresent specification are implemented as follows:

A method for transferring data assets based on a blockchain provided inthe embodiments of the present specification includes the following:usage demand information of a data requestor for original data thatserves as data assets is obtained, where the usage demand information isused to indicate a demand of the data requestor for obtaining a resultcalculated based on the original data; a usage authorization request forthe original data is submitted to a data owner of the original databased on a decentralized identifier (DID) corresponding to the originaldata; after confirmation information of the usage authorization requestis received from the data owner, the original data is processed based onthe usage demand to obtain processing result data; the processing resultdata is transmitted to the data requestor; and a verifiable claim (VC)used to record usage information of the original data is generated.

A method for transferring data assets based on a blockchain provided inthe embodiments of the present specification includes the following:purchase demand information of a data requestor for original data thatserves as data assets is obtained; a selling authorization request forthe original data is submitted to a data owner of the original databased on a DID corresponding to the original data; and afterconfirmation information of the selling authorization request isreceived from the data owner, a VC that includes ownership informationof the original data is generated, where the ownership information isused to indicate that ownership of the original data belongs to the datarequestor.

An apparatus for transferring data assets based on a blockchain providedin the embodiments of the present specification includes: a usage demandinformation acquisition module, configured to obtain usage demandinformation of a data requestor for original data that serves as dataassets, where the usage demand information is used to indicate a demandof the data requestor for obtaining a result calculated based theoriginal data; a usage authorization request submission module,configured to submit a usage authorization request for the original datato a data owner of the original data based on a DID corresponding to theoriginal data; a data processing module, configured to: afterconfirmation information of the usage authorization request is receivedfrom the data owner, process the original data based on the usage demandto obtain processing result data; a processing result data transmissionmodule, configured to transmit the processing result data to the datarequestor; and a verifiable claim generation module, configured togenerate a VC used to record usage information of the original data.

An apparatus for transferring data assets based on a blockchain providedin the embodiments of the present specification includes: a purchasedemand information acquisition module, configured to obtain purchasedemand information of a data requestor for original data that serves asdata assets; a selling authorization request submission module,configured to submit a selling authorization request for the originaldata to a data owner of the original data based on a DID correspondingto the original data; and a verifiable claim generation module,configured to: after confirmation information of the sellingauthorization request is received from the data owner, generate a VCthat includes ownership information of the original data, where theownership information is used to indicate that ownership of the originaldata belongs to the data requestor.

A device for transferring data assets based on a blockchain provided inthe embodiments of the present specification includes: at least oneprocessor; and a memory communicatively coupled to the at least oneprocessor, where the memory stores instructions that can be executed bythe at least one processor, and the instructions are executed by the atleast one processor to enable the at least one processor to: obtainusage demand information of a data requestor for original data thatserves as data assets, where the usage demand information is used toindicate a demand of a data requestor for obtaining a result calculatedbased on the original data; submit a usage authorization request for theoriginal data to a data owner of the original data based on a DIDcorresponding to the original data; after receiving confirmationinformation of the usage authorization request from the data owner,process the original data based on the usage demand to obtain processingresult data; transmit the processing result data to the data requestor;and generate a VC used to record usage information of the original data.

A device for transferring data assets based on a blockchain provided inthe embodiments of the present specification includes: at least oneprocessor; and a memory communicatively coupled to the at least oneprocessor, where the memory stores instructions that can be executed bythe at least one processor, and the instructions are executed by the atleast one processor to enable the at least one processor to: obtainpurchase demand information of a data requestor for original data thatserves as data assets; submit a selling authorization request for theoriginal data to a data owner of the original data based on a DIDcorresponding to the original data; and after receiving confirmationinformation of the selling authorization request from the data owner,generate a VC that includes ownership information of the original data,where the ownership information is used to indicate that ownership ofthe original data belongs to the data requestor.

A computer readable medium provided in the embodiments of the presentspecification stores computer readable instructions, where the computerreadable instructions can be executed by a processor to implement themethod for transferring data assets based on a blockchain.

The embodiments of the present specification can achieve the followingbeneficial effects: The usage demand information of the data requestorfor the original data that serves as the data assets is obtained. Theusage authorization request for the original data is submitted to thedata owner of the original data based on the DID corresponding to theoriginal data. After the confirmation information of the usageauthorization request is received from the data owner, the original datais processed based on the usage demand to obtain processing result data.The processing result data is transmitted to the data requestor. The VCused to record usage information of the original data is generated. Assuch, it can be ensured that when the original data serving as dataassets is kept within a domain, transmission usage needs are satisfied,and a usage process of the processing result data obtained by processingthe original data can be clearly recorded, thereby ensuring that thedata asset transfer process is secure and traceable.

BRIEF DESCRIPTION OF DRAWINGS

To describe technical solutions in embodiments of the presentspecification or in the existing technology more clearly, the followingbriefly describes the accompanying drawings needed for describing theembodiments or the existing technology. Clearly, the accompanyingdrawings in the following descriptions merely show some embodiments ofthe present specification, and a person of ordinary skill in the art canstill derive other drawings from these accompanying drawings withoutcreative efforts.

FIG. 1 is a schematic diagram illustrating an overall solution of amethod for transferring data assets based on a blockchain, according tosome embodiments of the present specification;

FIG. 2 is a flowchart illustrating a method for transferring data assetsbased on a blockchain, according to Embodiment 1 of the presentspecification;

FIG. 3 is a flowchart illustrating a method for transferring data assetsbased on a blockchain, according to Embodiment 2 of the presentspecification;

FIG. 4 is a schematic structural diagram illustrating an apparatus fortransferring data assets based on a blockchain corresponding to FIG. 2,according to some embodiments of the present specification;

FIG. 5 is a schematic structural diagram illustrating an apparatus fortransferring data assets based on a blockchain corresponding to FIG. 3,according to some embodiments of the present specification; and

FIG. 6 is a schematic structural diagram illustrating a device fortransferring data assets based on a blockchain, according to someembodiments of the present specification.

DESCRIPTION OF EMBODIMENTS

To make the objectives, technical solutions and advantages ofembodiments of the present specification clearer, the following clearlyand comprehensively describes the technical solutions of the presentspecification with reference to specific embodiments and accompanyingdrawings of the present specification. Clearly, the describedembodiments are only some rather than all embodiments of the presentspecification. All other embodiments obtained by a person of ordinaryskill in the art based on the one or more embodiment of the presentspecification without creative efforts shall fall within the protectionscope of the present specification.

A blockchain is a technical solution that collectively maintains areliable database by using decentralization and trustless methods. Theblockchain is characterized by decentralization, decentralized storage,encryption, and traceability. Due to use of decentralized computationand storage, there is no centralized hardware or managementorganization. All nodes are equal in rights and obligations. Data blocksin a system are jointly maintained by a node with a maintenance functionin the entire system. Digital currency transactions or other data can besecurely stored, and information cannot be forged and tempered with.Transaction confirmation in the blockchain is jointly completed by allnodes in the blockchain.

Due to mechanisms such as a consensus algorithm and an encryptionalgorithm, the blockchain can effectively manage data asset-type data,for example, copyright data, contract data, and game items. In a datamonetization process, data flow from on-chain to off-chain may damagetrustworthiness of the assets. The privacy of data assets cannot beguaranteed during transfer, use, and calculation of the assets. Inaddition, an owner, a user, and usage information of each data assetcannot be clearly recorded in the transfer process. Therefore, how toensure trusted transfer of data that serves as assets in the networkbecomes a problem to be alleviated urgently.

The technical solutions of the embodiments of the present specificationare described in detail below with reference to the accompanyingdrawings.

FIG. 1 is a schematic diagram illustrating an overall solution of amethod for transferring data assets based on a blockchain, according tosome embodiments of the present specification. As shown in FIG. 1, adata owner 102 can enter relevant information of original data andrelevant information of the data owner through an application interfaceof an authorization application 104 of the data owner. A decentralizedidentifier service (DIS) 106 can establish binding relationshipinformation between a decentralized identifier (DID) of the data ownerand a data identifier of corresponding original data, and stores thebinding relationship information in a first blockchain 108. Here, thefirst blockchain 108 can be a first blockchain system or a secondblockchain system in subsequent embodiments of the presentspecification. Any blockchain used to store relevant data or a bindingrelationship can be the first blockchain 108 here. The first blockchain108 can further store original data, and send, for computing, theoriginal data to a confidential computing cloud service (C3S) 110responsible for computing, to obtain processing result data. Theprocessing result data is stored in a second blockchain 112, or can bestored in the first blockchain 108. The second blockchain 112 can alsobe used to transmit the processing result data to a data requestor 114.In addition to the data requestor 114, the processing result data canalso be transmitted back to the data owner 102, so that the processingresult data can also be served as data assets of the data owner 102.After receiving the processing result data, the data requestor 114 canenter usage information of the processing result data and relevantinformation of the data requestor 114 through an authorizationapplication 116 of the data requestor. Finally, the entire data transferprocess and usage records of the original data need to be stored in theblockchain. In this case, a blockchain for storing the data can be thefirst blockchain 108, the second blockchain 112, or other blockchains.No specific limitation is imposed here.

Next, the method for transferring data assets based on a blockchainprovided in some embodiments of the present specification is describedin detail below with reference to the accompanying drawings.

Embodiment 1

FIG. 2 is a flowchart illustrating a method for transferring data assetsbased on a blockchain, according to Embodiment 1 of the presentspecification. In terms of a program, the embodiments of the presentspecification can be executed by an application service cluster. Theserver cluster can include one or more application services. Theseapplication services can perform data exchange with a blockchainnetwork, or can be deployed on a blockchain. DIS, C3S responsible forcomputing, etc. can be deployed in the application service cluster. Insubsequent embodiments, the execution body is replaced with a “system”for ease of description.

As shown in FIG. 2, the process can include the following steps:

Step 202: Usage demand information of a data requestor for original datathat serves as data assets is obtained, where the usage demandinformation is used to indicate a demand of the data requestor forobtaining a result calculated based on the original data.

The data requestor can be a user who requests to use data. Here, theuser can be an individual or an organization such as an enterprise andan institution.

The usage demand information can indicate the demand of the datarequestor for obtaining the result calculated based on the originaldata. The usage demand information can be a piece of request informationthat includes relevant information of request data. The relevantinformation of the request data can include a type of processing resultdata that the user requests to use, a data identifier and a data type ofthe original data corresponding to the processing result data, etc. Insome applications, the usage demand information can also includespecific use of the original data that the user requests to use.

The data assets can be digital assets of a common individual orenterprise, for example, the data assets can be various types of datathat uses documents as carriers, such as pictures, videos, editeddocuments, medical record data, and industrial data of the individual.Alternatively, the data assets can be design drawings, contracts,orders, and any data of various services that use documents as carriersof an enterprise.

Step 204: A usage authorization request for the original data issubmitted to a data owner of the original data based on a DIDcorresponding to the original data.

A decentralized identifier (DID) is a digital identity credentialimplemented based on a decentralized system. DID technologies areusually implemented based on the blockchain system. Fundamental elementsconstituting a DID include at least a DID and a decentralized identifierdocument (DID Doc). The DID can be a DID of the data owner of theoriginal data. The original data also has a data identifier, and thatthe original data and the data owner have a binding relationship can bespecifically that the data identifier of the original data and the DIDof the data owner have a binding relationship.

Step 206: After confirmation information of the usage authorizationrequest is received from the data owner, the original data is processedbased on the usage demand to obtain processing result data.

The usage authorization request transmitted by the system to the dataowner can include the usage demand information of the data requestor.The usage authorization request can be transmitted in form of uniformresource locator (URL), that is, a website corresponding to the usageauthorization demand transmitted to the data owner, and after the dataowner clicks the link of the website to open a corresponding webpage,the webpage can display the usage demand information of the datarequestor. An “Agree” or “Reject” button can be configured on thewebpage. If the data owner agrees the data requestor to use data, the“Agree” button can be clicked. Certainly, in actual applications, theusage authorization request can be a piece of text confirmationinformation transmitted to the data owner. The data owner can performauthorization only by replying “Confirmed”.

After receiving the confirmation information of the usage authorizationrequest from the data owner, the system can process the original databased on the usage demand of the data requestor to obtain the processingresult data of the data. The system can process the original data byselecting a corresponding processing method based on different demandsof the data requestor, for example, statistical summation andcalculation of an average value.

During processing of the original data, the original data can betransmitted, for processing, to a platform that is used to provide asecure C3S. The platform that is used to provide a secure C3S can be aC3S.

Privacy protection can be implemented by using various technologies, forexample, cryptology technologies (such as Homomorphic encryption andZero-knowledge proof), hardware privacy technologies, or networkisolation technologies. A typical type of hardware privacy protectiontechnology includes a trusted execution environment (TEE).

For example, blockchain nodes can implement a secure executionenvironment for blockchain transactions by using the TEE. The TEE is atrusted execution environment that is obtained through secure extensionbased on central processing unit (CPU) hardware and that is completelyisolated from the outside world. Currently, the industry pays greatattention to the TEE solution. Almost all mainstream chip and softwarealliances have respective TEE solutions, for example, the trustedplatform module (TPM) for software, and the Intel software guardextensions (SGX), the ARM Trustzone, the AMD platform security processor(PSP) for hardware. The TEE can play a role of a hardware black box.Codes and data executed in the TEE cannot be peeked even at an operatingsystem layer, and can be operated only by using pre-defined interfacesin the codes. In terms of efficiency, due to the black box property ofthe TEE, computation of plaintext data instead of complicated cryptologycomputation of homomorphic encryption is performed in the TEE, so thereis almost no efficiency loss during computation. Therefore, deployingthe TEE on the blockchain node can greatly satisfy the privacy demand inthe blockchain scenario when there are relatively small performancelosses, thereby protecting data privacy.

Processing the original data by using a confidential computing methodcan complete secure and trusted computation of the original data thatserves as data assets while ensuring that the original data of the useris not leaked.

Step 208: The processing result data is transmitted to the datarequestor.

Step 210: A verifiable claim (VC) used to record usage information ofthe original data is generated.

The VC records information that is used to indicate that the originaldata is used by the data requestor. In the system, the usage informationof the original data is recorded and stored in the blockchain network.Specifically, the usage information of the original data can be storedin the form of the VC in the blockchain network.

In actual applications, the VC can specifically include informationabout the data requestor that uses the calculation result of theoriginal data, a used data form of the original data (for example, aspecific type of calculation result for use), a usage range of thecalculation result of the original data, etc.

It should be understood that sequences of some steps of methods in someembodiments of the present specification can be exchanged based onactual needs, or some steps can be omitted or deleted.

In the method shown in FIG. 2, the usage demand of the original datathat serves as data assets is obtained from the data requestor. Theusage authorization request for the original data is submitted to thedata owner of the original data based on the DID corresponding to theoriginal data. After the confirmation information of the usageauthorization request is received from the data owner, the original datais processed based on the usage demand to obtain the processing resultdata. The processing result data is transmitted to the data requestor.The VC used to record the usage information of the original data isgenerated. As such, it can be ensured that when the original dataserving as the data assets is kept within a domain, transmission usageneeds are satisfied, and a usage process of the processing result dataobtained by processing the original data is clearly recorded, therebyensuring that the data asset transfer process is secure and traceable.

Based on the method shown in FIG. 2, some embodiments of the presentspecification further provide some specific implementation solutionsthat are described below.

Optionally, before the usage demand information of the data requestorfor the original data that serves as data assets is obtained, the methodfurther includes the following:

belonging relationship information between the original data and thedata owner is obtained;

binding relationship information between the data identifier of theoriginal data and the DID of the data owner is established based on thebelonging relationship information; and

the binding relationship information is stored in a first blockchainsystem.

The blockchain technology has the following four major features:

(1) Decentralization: peer-to-peer transactions, coordination, andcooperation can be implemented without intervention of a third party. Inthe blockchain network, no institution or individual can perform overalldata control, and overall operating of the system is not affected whenany one of nodes stops working. The decentralized network can greatlyenhance data security.

(2) Tamper-proofing: The blockchain verifies and stores data by usingencryption technologies, and adds and updates data by using adecentralized consensus algorithm. The blockchain requires all nodes toparticipate in transaction verification and block mining. Modificationsof any data require changes of all subsequent records, and it is verydifficult to modify data on a single node.

(3) Openness, transparency, and traceability: Content written into ablock is copied to all nodes, all nodes own the newest complete databasecopy, and all record information is open. Any person can query data inthe block through an open interface. Each transaction in the blockchainis stored and solidified in block data through chained storage, and alltransaction records in all blocks undergo superimposed hash digesting byusing a cryptographic algorithm, so data of any historical transactioncan be traced.

(4) Collective maintenance: Decentralization of the blockchain networkdetermines the collective maintenance of the blockchain network. Aconventional decentralized institution usually plays three roles: datastorage, data management, and data analysis. The blockchain network isjointly maintained by all participants that play equivalent roles. Allparties have clear rights and obligations, and do not need to transfer aright to a third-party institution, to implement joint cooperation.

The original data that serves as data assets can be stored in theblockchain based on decentralization, tamper-proofing, openness,transparency, and traceability of the blockchain.

A belonging relationship can indicate the data owner that the originaldata belongs to. Each original data belongs to a data owner. Eachoriginal data has a data identifier. The data owner also has a DID. Thebinding relationship information between the identifier of the originaldata and the DID of the data owner can be established based on thebelonging relationship between the original data and the data owner. Thebinding relationship information is stored in the first blockchainsystem for convenient query.

Optionally, the step of obtaining belonging relationship informationbetween the original data and the data owner can specifically includethe following:

ownership confirmation information that includes a digital signature ofa trusted organization is obtained, where the ownership confirmationinformation is used to indicate actual identity information of the dataowner of the original data.

The step of establishing binding relationship information between thedata identifier of the original data and the DID of the data owner canspecifically include the following:

a DID corresponding to the actual identity information is searched for;and

record information of the data identifier of the original data is addedto a DID Doc corresponding to the DID.

The trusted organization can be an organization that has authority andcan prove ownership of the data, for example, a bank, a credit reportingagency, or a social security service. The bank is used as an example. Asystem of the bank stores corresponding salary details of a user, andthe salary details stamped with the official seal of the bank can provevalidity and authenticity. Therefore, the ownership confirmationinformation that includes the digital signature of the trustedorganization can be obtained when the belonging relationship informationbetween the original data and the data owner is determined. Theownership confirmation information can be used to indicate the actualidentity information of the data owner of the original data, and theownership confirmation information can include identificationinformation such as an identity card number and a name of the dataowner. For example, for original data A, ownership confirmationinformation that includes a digital signature provided by trustedorganization B is as follows: original data A belongs to Zhang San, andan identity card number is X.

The DID of the data owner can be determined after the actual identityinformation of the data owner is determined. The DID of the owner isstored in the DID Doc. When the binding relationship between theoriginal data and the data owner is established, the record informationof the data identifier of the original data can be added to the DID Docthat stores the DID of the data owner, to complete the bindingrelationship between the DID of the data owner and the data identifierof the original data.

The DID Doc can be used to store relevant information of the DID. TheDID Doc can include the DID corresponding to the data owner, and a DIDof one data owner can be correspondingly stored in one DID Doc. The DIDDoc stored on the blockchain can be signed by using an asymmetricencryption algorithm, encrypted by using a private key, and decryptedand verified by using a public key.

It is worthwhile to note that in the embodiments of the presentspecification, a blockchain platform can provide a DIS. Specifically,the user can create an individual DID and an individual DID Doc by usingthe DIS used to manage an identity of the user. The DID and the DID Docof the user can be both stored in the blockchain platform.

The DIS is a blockchain-based identity management solution. A DIS servercan be connected to the blockchain platform, and provide functions suchas creation, verification and management of a digital identity, therebyimplementing standardized management and protection of entity data whileensuring authenticity and efficiency of information transfer.

In the embodiments of the present specification, the DIS can be used toestablish the binding relationship between the data identifier of theoriginal data and the DID of the data owner, can also be used toestablish the binding relationship between the data identifier ofprocessing result data and the DID of the data requestor, and store thebinding relationships in the DID Doc.

Optionally, in the embodiments of the present specification, a pluralityof methods for transmitting the processing result data to the datarequestor can be provided.

Method 1

The processing result data is transmitted to the data requestor by usinga second blockchain system.

In the previous method, the processing result data can be encrypted byusing a public key of the data requestor during data transmission, andis transmitted to the data requestor after encryption. After receivingthe processing result data, the data requestor can perform decryption byusing a private key of the data requestor to obtain decrypted data,thereby preventing data from leaking during transmission.

Method 2

The processing result data is transmitted from a third blockchain systemto a fourth blockchain system by using cross-chain transmissions, wherethe fourth blockchain system is a blockchain system accessed by the datarequestor.

In some actual application scenarios, the blockchain system accessed bythe data requestor may be different from a blockchain system accessed bythe data owner. In this case, the data of the data owner can betransmitted to the data requestor by using cross-chain transmissions.

Method 3

The processing result data is transmitted to the data requestor by usingoff-chain transmissions.

In the method, off-chain authorization trusted transmission can be used,and a transmission relationship is stored on the blockchain.

In all the previous three transmission methods, the processing resultdata can be encrypted during transmission, to ensure security of theprocessing result data during transmission.

Optionally, the method can further include the following:

binding relationship information between the data identifier of theprocessing result data and the DID of the data owner is established; and

the binding relationship information is stored in the first blockchainsystem.

It is worthwhile to note that the data owner can consider the processingresult data obtained by processing the original data as newly added dataassets of the data owner, store the processing result data in theblockchain system, and bind the processing result data to the DID of thedata owner. As such, retrieving and recording newly added data assets ofthe data owner to the blockchain can be implemented. In addition, when adata requestor subsequently requests the processing result data, theprocessing result data of the data owner can be directly transmitted tothe data requestor without repeated processing of the original data.Therefore, in actual applications, the binding relationship informationbetween the data identifier of data for processing and the DID of thedata owner can be established, and the binding relationship informationis stored in the first blockchain system. The blockchain system alsostores the binding relationship information between the data identifierof the original data and the DID of the data owner.

Optionally, the original data is stored in a fifth blockchain system,and the method can further include the following:

the processing result data is stored in the fifth blockchain system.

After processing the original data to obtain the processing result data,the system can transmit the processing result data to the data owner inaddition to the data requestor. This is referred to as data retrieving.After the operation is performed, the data owner can also use theprocessing result data as data assets of the data owner, therebyincreasing the data assets of the data owner. Therefore, when a datarequestor subsequently requests the processing result data, theprocessing result data of the data owner can be directly transmitted tothe data requestor without repeated processing of the original data.

In addition, it is worthwhile to note that “first, second, third,fourth, and fifth” in the “first blockchain system”, the “firstblockchain system”, the “third blockchain system”, the “fourthblockchain system”, and the “fifth blockchain system” described in theprevious embodiments do not have special meanings, but are merely usedto specify blockchain systems to perform different functions. In actualapplications, these blockchain systems can belong to the same blockchainsystem, or can be different blockchain systems. Embodiments are notspecifically limited in the present specification.

Embodiment 2

FIG. 3 is a flowchart illustrating a method for transferring data assetsbased on a blockchain, according to Embodiment 2 of the presentspecification. In terms of a program, the process can be executed by aprogram or an application that is loaded on an application server or anapplication client device. The execution body in the present embodimentof the present specification can be the same as the execution body inEmbodiment 1.

As shown in FIG. 3, the process can include the following steps:

Step 302: Purchase demand information of a data requestor for originaldata that serves as data assets is obtained.

The purchase demand information can be used to indicate a demand of thedata requestor for purchasing the original data.

Step 304: A selling authorization request for the original data issubmitted to a data owner of the original data based on a DIDcorresponding to the original data.

Step 306: After confirmation information of the selling authorizationrequest is received from the data owner, a VC that includes ownershipinformation of the original data is generated, where the ownershipinformation is used to indicate that ownership of the original databelongs to the data requestor.

The ownership information of the original data can be the rights of thedata owner to possess, use, benefit, dispose of, and independentlydispose of the original data. The ownership is transferred when an ownerof the original data agrees to sell the original data, and the ownershipof the original data belongs to a requestor who purchases the originaldata.

It is worthwhile to note that the original data in the presentembodiment can be trusted data stored in a trusted device. The data canbe medical record data, pictures, videos, novel documents, etc. of anindividual. The trusted device can be a trusted USB flash drive, atrusted memory, and other hardware. A novel that is written by a userand that is stored in the trusted USB flash drive is used as an example.The trusted USB flash drive can determine ownership of the novel.

Information stored in the trusted hardware cannot be tampered with,thereby ensuring trustworthiness of the original data stored in thetrusted hardware. There is a unique binding relationship between thetrusted hardware and the user. When the user needs to use the trustedhardware to manage a personal identity and data, the user can enterrelevant information of the original data by using an applicationinterface of an application corresponding to the trusted hardware.

Based on the method shown in FIG. 3, some embodiments of the presentspecification further provide some specific implementation solutionsthat are described below.

Optionally, the method in FIG. 3 further includes the following:

the original data is encrypted to obtain encrypted original data; and

the encrypted original data is transmitted to the data requestor.

In the previous method, the original data can be encrypted to ensuresecurity during data transmission. The original data can be encrypted byusing a public key and decrypted by using a private key. In addition, adigital signature method can be used to encrypt the original data byusing a private key and decrypt the original data by using a public keyto ensure ownership of the digital signature. However, in some specialapplication scenarios, the data owner can use a public key of the dataowner to encrypt the data, and transmit a private key of the data ownerto a corresponding data owner by using a secure method, so that the dataowner can decrypt the data by using the private key of the data owner.

In actual application scenarios, the original data that serves as dataassets needs to be unique and cannot be randomly duplicated. Therefore,the ownership of the original data needs to be transferred when theoriginal data is sold. Once the original data is sold, the ownership ofthe original data is transferred from the data owner who sells the datato the data requestor who purchases the data.

The data owner agrees to sell the original data to the data requestor,and deletes the original data stored by the data owner after theoriginal data is successfully transmitted to the data requestor. Thatis, the original data stored in a device of the data owner is deleted,and the data owner no longer has a corresponding right to use theoriginal data, so that the ownership of the original data can betransferred.

Optionally, before the step of obtaining purchase demand information ofa data requestor for original data that serves as data assets, themethod can further include the following:

belonging relationship information between the original data and thedata owner is obtained;

first binding relationship information between a data identifier of theoriginal data and a DID of the data owner is established based on thebelonging relationship information; and

the first binding relationship information is stored in a firstblockchain system.

Optionally, the step of obtaining belonging relationship informationbetween the original data and the data owner can specifically includethe following:

ownership confirmation information that includes a digital signature ofa trusted organization is obtained, where the ownership confirmationinformation is used to indicate actual identity information of the dataowner of the original data.

The step of establishing binding relationship information between a dataidentifier of the original data and a DID of the data owner canspecifically include the following:

a DID corresponding to the actual identity information is searched for;and

record information of the data identifier of the original data is addedto a DID Doc corresponding to the DID.

Optionally, second binding relationship information between the dataidentifier of the original data and a DID of the data requestor isestablished after the confirmation information of the sellingauthorization request is received from the data owner; and

the second binding relationship information is stored in the firstblockchain system.

It is worthwhile to note that the binding relationship between the dataidentifier of the original data and the DID of the data owner is storedin the first blockchain system, and the binding relationship stored inthe blockchain system cannot be deleted or modified due to the featuresof the blockchain. As such, after the original data is sold to the datarequestor, the binding relationship between the data identifier of theoriginal data and the data requestor is generated, and is also stored inthe first blockchain system. In subsequent steps, the following stepscan be performed if the ownership of the original data needs to bedetermined:

one or more pieces of binding relationship information of the identifierof the original data in the first blockchain system are obtained;

a storage time of each piece of binding relationship information isobtained;

binding relationship information with the most recent storage time isdetermined as actual binding relationship information of the originaldata; and

identity information of an actual owner of the original data isdetermined based on the actual binding relationship information.

Optionally, the step of transmitting the encrypted original data to thedata requestor can specifically include the following:

the encrypted original data is transmitted to the data requestor througha second blockchain system; or

the encrypted original data is transmitted from a third blockchainsystem to a fourth blockchain system by using cross-chain transmissions,where the fourth blockchain system is a blockchain system accessed bythe data requestor; or

the encrypted original data is transmitted to the data requestor byusing off-chain transmissions.

It is worthwhile to note that the step of transmitting the original datain Embodiment 1 is the same as the step of transmitting the processingresult data in Embodiment 1, and the step of encrypting the originaldata is the same as the step of encrypting the processing result data inEmbodiment 1. A difference lies in that the data transmitted inEmbodiment 1 is the processing result data obtained by processing theoriginal data, and the data transmitted in Embodiment 2 is the originaldata. Therefore, for the implementation method in Embodiment 2,references can be made to the implementation steps in Embodiment 1.Details are omitted in the present specification.

The method in Embodiment 2 can achieve the following technical effects:

1) The purchase demand information of the data requestor for theoriginal data that serves as data assets is obtained. The sellingauthorization request for the original data is submitted to the dataowner of the original data based on the DID corresponding to theoriginal data. The VC that includes the ownership information of theoriginal data is generated after the confirmation information of theselling authorization request is received from the data owner. In theprevious method, the selling information of the original data can berecorded in the blockchain, and the selling process and the ownershiptransfer process of the original data can be both clearly recorded,thereby ensuring that the data asset transfer process is secure andtraceable.

2) The processing result data can be encrypted by using the public keyof the data requestor during data transmission, and is transmitted tothe data requestor after encryption. After receiving the processingresult data, the data requestor can perform decryption by using theprivate key of the data owner to obtain decrypted data to prevent datafrom being leaked during transmission.

3) The ownership of the original data needs to be transferred when theoriginal data is sold. Once the original data is sold, the ownership ofthe original data is transferred from the data owner who sells the datato the data requestor who purchases the data, thereby ensuringuniqueness of the data assets and preventing the data assets from beingtampered with and duplicated in any phase in the transfer process todestroy privacy.

4) After processing the original data to obtain the processing resultdata, the system can transmit the processing result data to the dataowner in addition to the data requestor. After the operation isperformed, the data owner can also use the processing result data asdata assets of the data owner, thereby increasing the data assets of thedata owner. Therefore, when a data requestor subsequently requests theprocessing result data, the processing result data of the data owner canbe directly transmitted to the data requestor without repeatedprocessing of the original data.

Embodiments of the present specification also provide an apparatuscorresponding to the method in Embodiment 1 based on the same concept.FIG. 4 is a schematic structural diagram illustrating an apparatus fortransferring data assets based on a blockchain corresponding to FIG. 2,according to some embodiments of the present specification. As shown inFIG. 4, the apparatus can include:

a usage demand information acquisition module 402, configured to obtainusage demand information of a data requestor for original data thatserves as data assets, where the usage demand information is used toindicate the demand of the data requestor for obtaining a resultcalculated based the original data;

a usage authorization request submission module 404, configured tosubmit a usage authorization request for the original data to a dataowner of the original data based on a DID corresponding to the originaldata;

a data processing module 406, configured to: after confirmationinformation of the usage authorization request is received from the dataowner, process the original data based on the usage demand to obtainprocessing result data;

a processing result data transmission module 408, configured to transmitthe processing result data to the data requestor; and

a verifiable claim generation module 410, configured to generate a VCused to record usage information of the original data.

Based on the apparatus shown in FIG. 4, some embodiments of the presentspecification further provide some specific implementation solutions ofthe method that are described below.

Optionally, the apparatus can further include:

a belonging relationship information acquisition module, configured toobtain belonging information between the original data and the dataowner;

a first binding relationship information establishment module,configured to establish binding relationship information between a dataidentifier of the original data and a DID of the data owner based on thebelonging relationship information; and

a first binding relationship information storage module, configured tostore the binding relationship information in a first blockchain system.

Optionally, the belonging relationship information acquisition modulecan specifically include:

an ownership confirmation information acquisition unit, configured toobtain ownership confirmation information that includes a digitalsignature of a trusted organization, where the ownership confirmationinformation is used to indicate actual identity information of the dataowner of the original data;

the binding relationship information establishment module canspecifically include:

a decentralized identifier searching unit, configured to search for aDID corresponding to the actual identity information; and

a record information adding unit, configured to add record informationof the data identifier of the original data to a DID Doc correspondingto the DID.

Optionally, the data processing module 406 can specifically include:

a data processing unit, configured to transmit, for processing, theoriginal data to a platform used to provide a secure C3S.

Optionally, the processing result data transmission module 408 can bespecifically configured to:

transmit the processing result data to the data requestor through asecond blockchain system; or

transmit the processing result data from a third blockchain system to afourth blockchain system by using cross-chain transmissions, where thefourth blockchain system is a blockchain system accessed by the datarequestor; or

transmit the processing result data to the data requestor by usingoff-chain transmissions.

Optionally, the apparatus can further include:

a second binding relationship information establishment module,configured to establish binding relationship information between a dataidentifier of the processing result data and the DID of the data owner;and

a second binding relationship information storage module, configured tostore the binding relationship information in the first blockchainsystem.

Optionally, the original data is stored in a fifth blockchain system,and the apparatus can further include:

a processing result data storage module, configured to store theprocessing result data in the fifth blockchain system.

Embodiments of the present specification also provide an apparatuscorresponding to the method in Embodiment 2 based on the same concept.FIG. 5 is a schematic structural diagram illustrating an apparatus fortransferring data assets based on a blockchain corresponding to FIG. 3,according to some embodiments of the present specification. As shown inFIG. 5, the apparatus can include:

a purchase demand information acquisition module 502, configured toobtain purchase demand information of a data requestor for original datathat serves as data assets;

a selling authorization request application module 504, configured tosubmit a selling authorization request for the original data to a dataowner of the original data based on a DID corresponding to the originaldata; and

a verifiable claim generation module 506, configured to: afterconfirmation information of the selling authorization request isreceived from the data owner, generate a VC that includes ownershipinformation of the original data, where the ownership information isused to indicate that ownership of the original data belongs to the datarequestor.

Based on the apparatus shown in FIG. 5, some embodiments of the presentspecification further provide some specific implementation solutions ofthe method that are described below.

Optionally, the apparatus can further include:

an encryption module, configured to encrypt the original data to obtainencrypted original data; and,

an original data transmission module, configured to transmit theencrypted original data to the data requestor.

Optionally, the apparatus can further include:

an original data deletion module, configured to: after the original datais successfully transmitted to the data requestor, delete the originaldata stored by the data owner.

Optionally, the apparatus can further include:

a belonging relationship information acquisition module, configured toobtain belonging relationship information between the original data andthe data owner;

a first binding relationship information determining module, configuredto establish first binding relationship information between a dataidentifier of the original data and a DID of the data owner based on thebelonging relationship information; and

a first binding relationship storage module, configured to store thefirst binding relationship information in a first blockchain system.

Optionally, the belonging relationship information acquisition modulecan specifically include:

an ownership confirmation information acquisition unit, configured toobtain ownership confirmation information that includes a digitalsignature of a trusted organization, where the ownership confirmationinformation is used to indicate actual identity information of the dataowner of the original data.

The first binding relationship information establishment modulespecifically includes:

a decentralized identifier searching unit, configured to search for aDID corresponding to the actual identity information; and

a record information adding unit, configured to add record informationof the data identifier of the original data to a DID Doc correspondingto the DID.

Optionally, the apparatus can further include:

a second binding relationship information establishment module,configured to: after confirmation information of the sellingauthorization request is received from the data owner; establish secondbinding relationship information between the data identifier of theoriginal data and a DID of the data requestor; and

a second binding relationship information storage module, configured tostore the second binding relationship information in the firstblockchain system.

Optionally, the original data transmission module can be specificallyconfigured to:

transmit the encrypted original data to the data requestor through asecond blockchain system; or

transmit the encrypted original data from a third blockchain system to afourth blockchain system by using cross-chain transmissions, where thefourth blockchain system is a blockchain system accessed by the datarequestor; or

transmit the encrypted original data to the data requestor by usingoff-chain transmissions.

Embodiments of the present specification also provide a devicecorresponding to the previous method.

FIG. 6 is a schematic structural diagram illustrating a device fortransferring data assets based on a blockchain, according to someembodiments of the present specification. As shown in FIG. 6, the device600 can include:

at least one processor 610; and

a memory 630 communicatively coupled to the at least one processor.

The memory 630 stores instructions 620 that can be executed by the atleast one processor 610, and the instructions are executed by the atleast one processor 610.

Corresponding to Embodiment 1, according to the device for transferringdata assets based on a blockchain, the instructions 620 can enable theat least one processor 610 to:

obtain usage demand information of a data requestor for original datathat serves as data assets, where the usage demand information is usedto indicate a demand of a data requestor for obtaining a resultcalculated based on the original data;

submit a usage authorization request for the original data to a dataowner of the original data based on a DID corresponding to the originaldata;

after receiving confirmation information of the usage authorizationrequest from the data owner, process the original data based on theusage demand to obtain processing result data;

transmit the processing result data to the data requestor; and

generate a VC used to record usage information of the original data.

Corresponding to Embodiment 2, according to the device for transferringdata assets based on a blockchain, the instructions 620 can enable theat least one processor 610 to:

obtain purchase demand information of a data requestor for original datathat serves as data assets;

submit a selling authorization request for the original data to a dataowner of the original data based on a DID corresponding to the originaldata; and

after receiving confirmation information of the selling authorizationrequest from the data owner, generate a VC that includes ownershipinformation of the original data, where the ownership information isused to indicate that ownership of the original data belongs to the datarequestor.

Embodiments of the present specification also provide a computerreadable medium corresponding to the method in Embodiment 1 based on thesame concept. The computer readable medium stores computer readableinstructions, and the computer readable instructions can be executed bya processor to implement the following method:

usage demand information of a data requestor for original data thatserves as data assets is obtained, where the usage demand information isused to indicate a demand of a data requestor for obtaining a resultcalculated based on the original data;

a usage authorization request for the original data is submitted to adata owner of the original data based on a DID corresponding to theoriginal data;

after confirmation information of the usage authorization request isreceived from the data owner, the original data is processed based onthe usage demand to obtain processing result data;

the processing result data is transmitted to the data requestor; and

a VC used to record usage information of the original data is generated.

Embodiments of the present specification also provide a computerreadable medium corresponding to the method in Embodiment 2 based on thesame concept. The computer readable medium stores computer readableinstructions, and the computer readable instructions can be executed bya processor to implement the following method:

purchase demand information of a data requestor for original data thatserves as data assets is obtained;

a selling authorization request for the original data is submitted to adata owner of the original data based on a DID corresponding to theoriginal data; and

after confirmation information of the selling authorization request isreceived from the data owner, a VC that includes ownership informationof the original data is generated, where the ownership information isused to indicate that ownership of the original data belongs to the datarequestor.

The embodiments in the present specification are described in aprogressive way. For same or similar parts of the embodiments, mutualreferences can be made to the embodiments. Each embodiment focuses on adifference from other embodiments. In particular, as shown in FIG. 6,the devices for transferring data assets based on a blockchain aresimilar to method embodiments, and therefore are simply described. Forrelevant parts, mutual references can be made to the method embodiments.

In the 1990s, the improvement on a technology can be clearlydistinguished between hardware improvements (for example, improvementson circuit structures such as diodes, transistors and switches) orsoftware improvements (improvements on method processes). However, astechnologies develop, current improvements to many method processes canbe considered as direct improvements to hardware circuit structures.Almost all designers program an improved method process into a hardwarecircuit, to obtain a corresponding hardware circuit structure.Therefore, a method process can be improved by using a hardware entitymodule. For example, a programmable logic device (PLD) (for example, afield programmable gate array (FPGA)) is such an integrated circuit, anda logical function of the PLD is determined by a user through deviceprogramming. A designer “integrates” a digital system to a single PLDthrough self-programming, without requiring a chip manufacturer todesign and manufacture a dedicated integrated circuit chip. In addition,at present, instead of manually manufacturing an integrated circuitchip, such programming is mostly implemented by using “logic compiler”software. The logic compiler software is similar to a software compilerused to develop and write a program. Original code needs to be writtenin a particular programming language before being compiled. The languageis referred to as a hardware description language (HDL). There are manyHDLs, such as the Advanced Boolean Expression Language (ABEL), theAltera Hardware Description Language (AHDL), Confluence, the CornellUniversity Programming Language (CUPL), HDCal, the Java HardwareDescription Language (JHDL), Lava, Lola, MyHDL, PALASM, and the RubyHardware Description Language (RHDL). At present, the Very-High-SpeedIntegrated Circuit Hardware Description Language (VHDL) and Verilog aremost commonly used. A person skilled in the art should also understandthat a hardware circuit that implements a logical method process can bereadily obtained provided that the method process is logicallyprogrammed by using several of the previously described hardwaredescription languages and is programmed into an integrated circuit.

A controller can be implemented in any appropriate way. For example, thecontroller can be in a form of a microprocessor or a processor, or acomputer-readable medium that stores computer-readable program code(such as software or firmware) that can be executed by themicroprocessor or the processor, a logic gate, a switch, anapplication-specific integrated circuit (ASIC), a programmable logiccontroller, or a built-in microcontroller. Examples of the controllerinclude but are not limited to the following microcontrollers: ARC 625D,Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320. Amemory controller can be further implemented as a part of control logicof a memory. A person skilled in the art also knows that, in addition toimplementing the controller by using the computer-readable program code,method steps can be logically programmed to enable the controller toimplement the same function in forms of a logic gate, a switch, anapplication-specific integrated circuit, a programmable logiccontroller, and a built-in microcontroller. Therefore, such a controllercan be considered as a hardware component, and an apparatus that isincluded in the controller and configured to implement various functionscan also be considered as a structure in the hardware component.Alternatively, the apparatus configured to implement various functionscan even be considered as both a software module implementing a methodand a structure in the hardware component.

The system, apparatus, module, or unit illustrated in the aboveembodiments can be specifically implemented by using a computer chip oran entity, or can be implemented by using a product having a certainfunction. A typical implementation device is a computer. Specifically,the computer can be, for example, a personal computer, a laptopcomputer, a cellular phone, a camera phone, a smartphone, a personaldigital assistant, a media player, a navigation device, an email device,a game console, a tablet computer, a wearable device, or a combinationof any of these devices.

For ease of description, the previous apparatus is divided to variousunits based on functions for description when the previous apparatus isdescribed. Certainly, when the one or more embodiments of the presentspecification is implemented, functions of the units can be implementedin one or more pieces of software and/or hardware.

A person skilled in the art should understand that the embodiments ofthe present disclosure can be provided as a method, a system, or acomputer program product. Therefore, the one or more embodiments of thepresent disclosure can be in a form of hardware only embodiments,software only embodiments, or embodiments with a combination of softwareand hardware. In addition, the one or more embodiments of the presentdisclosure can be in a form of a computer program product that isimplemented on one or more computer-usable storage media (including butnot limited to a magnetic disk memory, a CD-ROM, an optical memory,etc.) that include computer-usable program code.

The embodiments of the present disclosure are described with referenceto the flowcharts and/or block diagrams of the method, the device(system), and the computer program product according to the embodimentsof the present disclosure. It is worthwhile to note that computerprogram instructions can be used to implement each process and/or eachblock in the flowcharts and/or the block diagrams and a combination of aprocess and/or a block in the flowcharts and/or the block diagrams.These computer program instructions can be provided for ageneral-purpose computer, a dedicated computer, an embedded processor,or a processor of another programmable data processing device togenerate a machine, so that the instructions executed by the computer orthe processor of the another programmable data processing devicegenerate an apparatus for implementing a specified function in one ormore processes in the flowcharts and/or in one or more blocks in theblock diagrams.

Alternatively, these computer program instructions can be stored in acomputer-readable memory that can instruct the computer or the anotherprogrammable data processing device to work in a specific way, so thatthe instructions stored in the computer-readable memory generate anartifact that includes an instruction apparatus. The instructionapparatus implements a specified function in one or more processes inthe flowcharts and/or in one or more blocks in the block diagrams.

Alternatively, these computer program instructions can be loaded ontothe computer or the another programmable data processing device, so thata series of operations and steps are performed on the computer or theanother programmable device, thereby generating computer-implementedprocessing. Therefore, the instructions executed on the computer or theanother programmable device provide steps for implementing a specifiedfunction in one or more processes in the flowcharts and/or in one ormore blocks in the block diagrams.

In a typical configuration, a computing device includes one or moreprocessors (CPUs), input/output interfaces, network interfaces, andmemories.

The memory may include at least one of a non-persistent memory, a randomaccess memory (RAM) or a nonvolatile memory in a computer-readablemedium, for example, a read-only memory (ROM) or a flash memory (flashRAM). The memory is an example of the computer-readable medium.

The computer-readable medium includes persistent, non-persistent,movable, and unmovable media that can store information by using anymethod or technology. The information can be computer-readableinstructions, data structures, program modules, or other data. Examplesof the computer storage medium include but are not limited to aphase-change random access memory (PRAM), a static random access memory(SRAM), a dynamic random access memory (DRAM), another type of randomaccess memory (RAM), a read-only memory (ROM), an electrically erasableprogrammable read-only memory (EEPROM), a flash memory or another memorytechnology, a compact disc read-only memory (CD-ROM), a digitalversatile disc (DVD) or another optical storage, a cassette magnetictape, a magnetic tape/magnetic disk storage or another magnetic storagedevice, or any other non-transmission medium. The computer storagemedium can be configured to store information accessible to a computingdevice. As described in the present specification, the computer-readablemedium does not include computer-readable transitory media such as amodulated data signal and a carrier.

It is worthwhile to note that the terms “comprise”, “include”, or anyother variation thereof are intended to cover a non-exclusive inclusion,so that a process, a method, a product, or a device that includes a listof elements includes those elements and further includes other elementsnot expressly listed or inherent to such a process, method, article, ordevice. In the absence of more restrictions, elements described by thephrase “include a/an . . . ” do not exclude the existence of additionalidentical elements in the process, method, product, or device thatincludes the elements.

A person skilled in the art should understand that the embodiments ofthe present application can be provided as methods, systems or computerprogram products. Therefore, the embodiments of the present applicationcan adopt forms of complete hardware embodiments, complete softwareembodiments or embodiments integrating software and hardware. Moreover,the present application can adopt the form of a computer program productimplemented on one or more computer available storage media (including,but not limited to, a disk memory, a CD-ROM, an optical memory, etc.)containing computer available program code.

The present application can be described in the general context ofcomputer executable instructions, such as program modules, executed by acomputer. Generally, the program modules include routines, programs,objects, components, data structures, etc. that perform particular tasksor implement particular abstract data types. The present application canalso be practiced in distributed computing environments where tasks areperformed by remote processing devices that are connected through acommunications network. In the distributed computing environments, theprogram modules can be located in both local and remote computer storagemedia including storage devices.

The previously described descriptions are only embodiments of thepresent application, and are not intended to limit the presentapplication. A person skilled in the art can make various modificationsand changes to the present specification. Any modifications, equivalentsubstitutions, improvements, etc. that come within the spirit andprinciples of the present application are intended to be included withinthe scope of the claims of the present application.

What is claimed is:
 1. A computer-implemented method, comprising:obtaining usage demand information of a data requestor for usingoriginal data , wherein the usage demand information indicates a demandof the data requestor for performing computations based on the originaldata; sending a usage authorization request for the original data to adata owner of the original data based on a decentralized identifier(DID) corresponding to the original data; receiving confirmationinformation of the usage authorization request from the data owner;processing the original data based on the usage demand information toobtain a processing result; transmitting the processing result to thedata requestor; and generating a verifiable claim (VC) for recordingusage information of the original data.
 2. The computer-implementedmethod of claim 1, comprising: in response to determining that theoriginal data belongs to the data owner, generating correspondenceinformation between a data identifier of the original data and a DID ofthe data owner; and storing the correspondence information on ablockchain.
 3. The computer-implemented method of claim 2, whereindetermining that the original data belongs to the data owner comprises:obtaining ownership confirmation information that comprises a digitalsignature of a trusted entity, wherein the ownership confirmationinformation indicates identity information of the data owner of theoriginal data; and wherein generating correspondence information betweenthe data identifier of the original data and the DID of the data ownercomprises: searching for a DID corresponding to the identity informationof the data owner; and adding the data identifier of the original datato a DID document corresponding to the DID.
 4. The computer-implementedmethod of claim 1, wherein processing the original data comprises:transmitting the original data to a platform that supports a secureconfidential computing cloud service (C3S).
 5. The computer-implementedmethod of claim 1, wherein transmitting the processing result to thedata requestor comprises: transmitting the processing result to the datarequestor through at least one of blockchain transmissions, cross-chaintransmissions, or off-chain transmissions.
 6. The computer-implementedmethod of claim 1, wherein the VC indicates that the original data isused by the data requestor.
 7. The computer-implemented method of claim2, wherein the correspondence information is first correspondenceinformation, and comprising: generating second correspondenceinformation between a data identifier of the processing result and theDID of the data owner; and storing the second correspondence informationin the blockchain.
 8. The computer-implemented method of claim 7,wherein the original data is stored in a different blockchain, andcomprising: storing the processing result in the different blockchain.9. A non-transitory, computer-readable medium storing one or moreinstructions executable by a computer system to perform operationscomprising: obtaining usage demand information of a data requestor forusing original data , wherein the usage demand information indicates ademand of the data requestor for performing computations based on theoriginal data; sending a usage authorization request for the originaldata to a data owner of the original data based on a decentralizedidentifier (DID) corresponding to the original data; receivingconfirmation information of the usage authorization request from thedata owner; processing the original data based on the usage demandinformation to obtain a processing result; transmitting the processingresult to the data requestor; and generating a verifiable claim (VC) forrecording usage information of the original data.
 10. Thenon-transitory, computer-readable medium of claim 9, the operationscomprising: in response to determining that the original data belongs tothe data owner, generating correspondence information between a dataidentifier of the original data and a DID of the data owner; and storingthe correspondence information on a blockchain.
 11. The non-transitory,computer-readable medium of claim 10, wherein determining that theoriginal data belongs to the data owner comprises: obtaining ownershipconfirmation information that comprises a digital signature of a trustedentity, wherein the ownership confirmation information indicatesidentity information of the data owner of the original data; and whereingenerating correspondence information between the data identifier of theoriginal data and the DID of the data owner comprises: searching for aDID corresponding to the identity information of the data owner; andadding the data identifier of the original data to a DID documentcorresponding to the DID.
 12. The non-transitory, computer-readablemedium of claim 9, wherein processing the original data comprises:transmitting the original data to a platform that supports a secureconfidential computing cloud service (C3S).
 13. The non-transitory,computer-readable medium of claim 9, wherein transmitting the processingresult to the data requestor comprises: transmitting the processingresult to the data requestor through at least one of blockchaintransmissions, cross-chain transmissions, or off-chain transmissions.14. The non-transitory, computer-readable medium of claim 9, wherein theVC indicates that the original data is used by the data requestor. 15.The non-transitory, computer-readable medium of claim 10, wherein thecorrespondence information is first correspondence information, and theoperations comprising: generating second correspondence informationbetween a data identifier of the processing result and the DID of thedata owner; and storing the second correspondence information in theblockchain.
 16. The non-transitory, computer-readable medium of claim15, wherein the original data is stored in a different blockchain, andthe operations comprising: storing the processing result in thedifferent blockchain.
 17. A computer-implemented system, comprising: oneor more computers; and one or more computer memory devices interoperablycoupled with the one or more computers and having tangible,non-transitory, machine-readable media storing one or more instructionsthat, when executed by the one or more computers, perform operationscomprising: obtaining usage demand information of a data requestor forusing original data , wherein the usage demand information indicates ademand of the data requestor for performing computations based on theoriginal data; sending a usage authorization request for the originaldata to a data owner of the original data based on a decentralizedidentifier (DID) corresponding to the original data; receivingconfirmation information of the usage authorization request from thedata owner; processing the original data based on the usage demandinformation to obtain a processing result; transmitting the processingresult to the data requestor; and generating a verifiable claim (VC) forrecording usage information of the original data.
 18. Thecomputer-implemented system of claim 17, the operations comprising: inresponse to determining that the original data belongs to the dataowner, generating correspondence information between a data identifierof the original data and a DID of the data owner; and storing thecorrespondence information on a blockchain.
 19. The computer-implementedsystem of claim 18, wherein determining that the original data belongsto the data owner comprises: obtaining ownership confirmationinformation that comprises a digital signature of a trusted entity,wherein the ownership confirmation information indicates identityinformation of the data owner of the original data; and whereingenerating correspondence information between the data identifier of theoriginal data and the DID of the data owner comprises: searching for aDID corresponding to the identity information of the data owner; andadding the data identifier of the original data to a DID documentcorresponding to the DID.
 20. The computer-implemented system of claim17, wherein processing the original data comprises: transmitting theoriginal data to a platform that supports a secure confidentialcomputing cloud service (C3S).